Skills
skills/codervisor/forge/rust-npm-publish/Gen Agent Trust Hub

rust-npm-publish

Pass

Audited by Gen Agent Trust Hub on Mar 6, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill includes a thin JavaScript wrapper (bin.js) that uses child_process.execFileSync to execute the appropriate platform-specific binary. This is a standard practice for distributing native code via npm.
  • [COMMAND_EXECUTION]: Automation scripts (e.g., publish-main-packages.ts and publish-platform-packages.ts) use child_process.execSync to run npm publish commands. These operations are essential for the skill's purpose and are guarded by environment checks (CI/GitHub Actions).
  • [COMMAND_EXECUTION]: The publish pipeline manages file permissions using chmod +x in shell scripts and fs.chmodSync in generated postinstall.js scripts to ensure binaries are executable on the target systems.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 6, 2026, 02:23 PM